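<?php
	session_start();

	// The login flow keeps the structure of the legacy page on purpose (the old code was not
	// to be changed). Session handling was added on top so that a user who is already logged
	// in does not have to log in a second time before logging out.

	// Database connection and decoding helper.
	// presumably connect.php defines $mysqli and $pdo, and encrypt.php defines dec_hash() - confirm
	require_once("connect.php");
	require_once("encrypt.php");

	// Read the submitted credentials. Missing or non-string fields (e.g. "username[]=x")
	// are treated as empty instead of raising notices/warnings.
	// NOTE(review): the username is bound as a PDO parameter below, so this escaping is not
	// what prevents SQL injection; it also alters values containing quotes or backslashes
	// before they are compared. Left in place because existing stored data may depend on it -
	// confirm, then drop the escaping.
	$uname = (isset($_POST["username"]) && is_string($_POST["username"]))
		? $mysqli->real_escape_string($_POST["username"])
		: '';
	$upass = (isset($_POST["password"]) && is_string($_POST["password"]))
		? $mysqli->real_escape_string($_POST["password"])
		: '';

	// A request counts as "already logged in" only when the full set of student session keys
	// is present. !empty() also covers the case where reg_login was never set.
	$hasSession = !empty($_SESSION['reg_login'])
		&& isset($_SESSION['reg_uname'])
		&& isset($_SESSION['reg_level'])
		&& isset($_SESSION['reg_jurusan']);

	if ($hasSession) {
		// Already logged in: send the browser to the student page.
		// The redirect is relative on purpose: building it from $_SERVER['HTTP_HOST'] would let a
		// client-supplied Host header choose the target, and a fixed "http://" breaks under HTTPS.
		$extra = 'studentpage.php';
		header("Location: $extra");
		// Fallback for clients that do not follow the Location header.
		?>
			<meta http-equiv="refresh" content="0; url=<?php echo $extra; ?>">
			Klik <a href="<?php echo $extra; ?>">disini</a> apabila browser anda berhenti berjalan ...
		<?php
		// Stop here so the login logic below never runs for a request that was only redirected.
		exit;
	}

	// No session: both fields are required. If either is empty, fall back to the
	// remember-me cookies, otherwise send the visitor to logout.php.
	if (empty($uname) || empty($upass)) {
		if (isset($_COOKIE['hashlogin']) && isset($_COOKIE['hashremember'])) {
			// NOTE(review): the cookie holds a reversible encoding of the password (it is decoded
			// back to the value compared against the database). Anyone who obtains the cookie and
			// the decoding routine recovers the password; a random server-side token is preferable.
			$uname = dec_hash($_COOKIE['hashlogin']);
			$upass = dec_hash(dec_hash($_COOKIE['hashremember']));
		} else {
			// Relative redirect for the same reasons as above.
			$extra = 'logout.php';
			header("Location: $extra");
			// Fallback for clients that do not follow the Location header.
			?>
				<meta http-equiv="refresh" content="0; url=<?php echo $extra; ?>">
				Klik <a href="<?php echo $extra; ?>">disini</a> apabila browser anda berhenti berjalan ...
			<?php
			// Without this the script would go on to query and render the result page.
			exit;
		}
	}

	// Look the account up with a bound parameter (no string-built SQL).
	$sqlstr = "SELECT username,password,level FROM security WHERE username=:uname";
	$stmt = $pdo->prepare($sqlstr);
	$stmt->execute(array(':uname' => $uname));

	// Defined up front so later code never reads an undefined variable when no row matches.
	$_username = null;
	$_password = null;
	$_level = null;
	if ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
		$_username = $row['username'];
		$_password = $row['password'];
		$_level = $row['level'];
	}

	// SECURITY: hard-coded test credential left over from admin testing. While any later
	// comparison against $cheat exists in this file, this value works as a master password
	// for every existing username. Delete that comparison first, then delete this line and
	// rotate the value; it must not merely be unset, because a loose comparison against an
	// undefined variable would match an empty password.
	$cheat = "labkombaa09";

?>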
<html>
<head>
<title>KRS Online</title>
<meta charset="UTF-8" />
<link rel="stylesheet" type="text/css" href="css/reset.css">
<link rel="stylesheet" type="text/css" href="css/structure.css">
</head>
<body>
<div id="wrapper">
	<!--<div class="error">
		<label>Peringatan !</label>
		<span>Username & Password yg anda masukkan salah !</span>
	</div>
	<div class="warning">
		<label>Perjanjian !</label>
		<span>lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum lorim ipsum !</span>
	</div>-->
	<div class="login logo">
		<a id="logo" href="http://www.widyakartika.ac.id/"></a>
	</div>
	<label class="_blank"></label>
	<div class="box verify">
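			<?php
			/*
			 * Login structure, following the legacy page:
			 * 1. Does the user exist?
			 * 2. Does the submitted password match the stored one?
			 * -- if not, the login fails; if so, $_login = true (login succeeded)
			 *
			 * 3. Is $_login true?
			 * -- if so the login is valid; otherwise it is rejected with one and the same message,
			 *    whether the username or the password was wrong.
			 *
			 * 4. Check the user's level (0: blocked, 1: valid, 2: admin).
			 * -- '0': the account is BLOCKED and cannot log in
			 * -- '1': the user is shown the AGREEMENT and may continue
			 * -- '2' and above: the user is redirected to the page configured for that level
			 *
			 * NOTE(review): passwords are compared as stored, i.e. the database appears to hold them
			 * in plain text. Migrating to password_hash()/password_verify() needs a data migration
			 * and is out of scope for this block.
			 * NOTE(review): the session id is not regenerated on successful login. This block runs
			 * after page output has begun, so that call would have to move ahead of the HTML.
			 */

			$_login = false;

			// Tolerate the variables being unset so a missing row can never count as a match.
			$storedPassword = isset($_password) ? $_password : null;
			$givenPassword = isset($upass) ? $upass : null;

			// Only an exact, non-empty string match with the stored password counts; no override
			// password is honoured here. Strict comparison avoids PHP's numeric-string juggling
			// (e.g. "1e3" == "1000" is true under ==).
			if (
				!empty($_username)
				&& $storedPassword !== null
				&& is_string($givenPassword)
				&& $givenPassword !== ''
				&& (string) $storedPassword === $givenPassword
			) {
				$_login = true;
			}

			if ($_login) {
				// Levels 2 and up are reserved for staff logins (admin / BAA / finance).
				if ($_level >= 2) {
					$_reg_level = $_level;
					$_reg_uname = $uname;

					$_SESSION["reg_login"] = true;
					$_SESSION["reg_level"] = $_reg_level;
					$_SESSION["reg_uname"] = $_reg_uname;

					// Load the display name and landing page configured for this level.
					$sql = "SELECT meta_value, meta_key FROM settings_metadata WHERE meta_settings=:meta_settings AND id_meta_settings=:id_meta_settings ";
					$stmt = $pdo->prepare($sql);
					$stmt->execute(array(
						':meta_settings' => 'SECURITY.LEVEL',
						':id_meta_settings' => $_level,
					));
					$_data = new stdClass;
					while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
						// Braces make the dynamic property name explicit; without them PHP 7+ parses
						// the expression as ($_data->$row)['meta_key'].
						$_data->{$row['meta_key']} = $row['meta_value'];
					}

					// Escape database-sourced values for the HTML contexts they are printed into,
					// and fall back to an empty string when a key is not configured.
					// NOTE(review): the redirect target is taken from the settings table - confirm
					// that only trusted staff can edit it.
					$levelName = isset($_data->name) ? htmlspecialchars($_data->name, ENT_QUOTES, 'UTF-8') : '';
					$levelTarget = isset($_data->redirect) ? htmlspecialchars($_data->redirect, ENT_QUOTES, 'UTF-8') : '';

					?>
					<div class="warning">
						<label><?php echo $levelName; ?></label>
						<span>Klik <strong>OK</strong> apabila browser anda berhenti berjalan ...</span>
					</div>
					<div class="_blank"></div>
					<fieldset class="boxBody">
						<footer>
							<center><a class="abutton" href="<?php echo $levelTarget; ?>">OK</a></center>
						</footer>
					</fieldset>
					<meta http-equiv="refresh" content="0; url=<?php echo $levelTarget; ?>">
					<?php

					// Release the database connection.
					$pdo = null;

				} else if ($_level == 1) {
					// Student login succeeded.

					$_SESSION["reg_login"] = true;
					$_SESSION["reg_level"] = "1";
					$_SESSION["reg_uname"] = $uname;
					// NOTE(review): this keeps the clear-text password in the session store (the
					// original author already marked it for removal). Other pages may still read it,
					// so it is left in place here - remove once they no longer do.
					$_SESSION["reg_upass"] = $upass;
					$_SESSION["reg_jurusan"] = substr($uname, 0, 3);
					// The checkbox is absent from the POST when unchecked.
					$_SESSION["reg_remember"] = isset($_POST['remember']) ? $_POST['remember'] : null;

					// Agreement the student must accept before continuing.
					?>
					<fieldset class="boxBody">
						<footer>
						<center><h1>PERSETUJUAN</h1></center>
						</footer>
						<label><center>
						<h4>
							Dengan ini saya menyatakan bahwa saya bertanggung jawab sepenuhnya atas setiap mata kuliah yang telah saya programkan disini, 
							dan saya mengakui bahwa semua transaksi yang telah dilakukan disini adalah benar-benar dilakukan oleh saya sendiri.
							Saya bersedia untuk menanggung segala macam resiko atas segala bentuk penyalahgunaan terhadap fasilitas ini baik itu karena kesalahan ataupun karena kelalaian saya sendiri.
						</h4>
						</center></label>
						<footer>
							<a class="yes" href="studentpage.php">SAYA SETUJU</a>
							<a class="no" href="logout.php">TIDAK SETUJU</a>
						</footer>
					</fieldset>
					<?php
					// Release the database connection.
					$pdo = null;
				} else if ($_level == 0) {
					// Account is blocked (fees not yet paid).
					?>
					<div class="_blank"></div>
					<div class="warning">
						<label>Peringatan !</label>
						<div class="_blank"></div>
						<span>
							Mohon Maaf, Account Anda untuk sementara waktu ini kami <strong>BLOKIR</strong>
							Jika anda belum menyelesaikan biaya daftar ulang / biaya denda atas keterlambatan KRS, silahkan menghubungi Biro Administrasi Keuangan.
							Terimakasih
							<div class="_blank"></div>
							<strong>L@BKOM ICT</strong>
						</span>
					</div>
					<div class="_blank"></div>
					<fieldset class="boxBody">
						<footer>
							<center><a class="abutton" href="logout.php">OK</a></center>
						</footer>
					</fieldset>
					<?php
					// Release the database connection and drop the session of the blocked account.
					$pdo = null;
					session_destroy();

				}
			} else {
				// Login rejected: same message for unknown user and wrong password.
				?>
				<div class="_blank"></div>
				<div class="error">
					<label>Peringatan !</label>
					<div class="_blank"></div>
					<span>
						Username & Password yang anda masukkan salah !
						<div class="_blank"></div>
						<strong>L@BKOM ICT</strong>
					</span>
				</div>
				<div class="_blank"></div>
				<fieldset class="boxBody">
					<footer>
						<center><a class="abutton" href="logout.php">OK</a></center>
					</footer>
				</fieldset>
				<?php
				// Release the database connection and discard the session.
				$pdo = null;
				session_destroy();
			}
		?>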
	</div>
	<footer id="main">
	  <a href="http://www.widyakartika.ac.id/perpustakaan">Perpustakaan Online</a> | <a href="http://krs.widyakartika.ac.id/">KRS Online</a>
	  <br />
	  Copyright &copy; 2012. <a href="http://www.widyakartika.ac.id">Universitas Widya Kartika</a> & <a href="#">Labkom ICT</a> - All rights reserved (<a href="changelog_for_user.txt">Changelog Usr</a> / <a href="changelog.txt">Sys</a>)
	</footer>
</div>
</body>
</html>